Georgia Tech researchers developed a new cyber security analysis method which discovered eleven previously unknown Internet browser security flaws, and were honored with the Internet Defense Prize, an award offered by Facebook in partnership with USENIX, at the 24th USENIX Security Symposium. Their research explores vulnerabilities in C++ programs (such as Chrome and Firefox) which result from “bad casting” or “type confusion.” Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions.

The two recent network breaches at the Office of Personnel Management (OPM), which allowed the pilfering of sensitive personal information of millions of federal employees, their families, clearance applicants, and contractors, have drawn attention to the Department of Homeland Security’s $3 billion network monitoring program called Einstein. The question now is whether that program is capable of preventing another intrusion in the future.

Researchers have discovered a serious flaw in vehicle security, which allowed them to hack a car, remotely activating its windscreen wipers, applying its brakes, and even disabling them – and do all this by using simple text messages. The vulnerability was found in small black dongles which are connected to the vehicles’ diagnostic ports. The dongles are used by insurance companies and fleet operators and are plugged into the car’s onboard diagnostics port (OBD-II).

The vulnerability of American government organizations to hacking by foreign government-backed hackers was in evidence again when, a few days ago, it was revealed that Russian government hackers, using spear-phishing attacks, breached the Joint Staff e-mail system. The breach caused about 4,000 civilian and military employees to lose access to their e-mail while the system was cleaned. U.S. government sources say that a separate set of attacks by Chinese government hackers targeted the personal e-mails of “all top national security and trade officials.” These attacks, which began in 2010, were among the more than 600 hacks by hackers working for the Chinese government, and their target was the personal e-mail info of top administration officials. The hacks were still going on.

Russian government-backed hackers have managed to hack the Pentagon’s unclassified e-mail server used by the office of the Joint Chiefs. Military officials said Thursday that the sophistication of the attack shows that it has been conducted by hackers with the resources typically available only to states. The e-mail system was taken offline as soon as the intrusion was detected. The required cyber protection measures and security patches were all in place, but the attackers still managed to circumvent them and find a way into the network in a manner that U.S. government cyber experts had not seen before, senior Defense officials said.

Georgia Tech researchers were awarded $4.2 million from the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) to improve how data is tracked between computers, Internet hosts, and browsers for better cyber security. The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

The village of Ilion in central New York paid ransom twice last year — $300 and $500 — to have access to its computers after two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems over the past three years, and said the experience of Ilion should serve as a warning to other municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.

The Food and Drug Administration (FDA) issued a warning in which it “strongly encourages” hospitals to stop using Hospira’s Symbiq Infusion System, because the device is vulnerable to attacks by hackers who could remotely control dosages delivered via the computerized pumps. The FDA said that tests have shown that an unauthorized third party – hackers – could access the Symbiq infusion system by breaching hospital networks.

FireEye the other day released a new Threat Intelligence report which analyzes the functionality and obfuscation tactics of an advanced piece of malware employed by the likely Russian government-backed Advanced Persistent Threat (APT) group APT29. APT29 combines steganography, cloud storage, and social media services to fly under the radar of network defenders.

U.S. military bases are at risk for cyberattacks against the bases’ power grid and other utility systems, according to a new report on defense infrastructure from the Government Accounting Office. The 72-page GAO document concludes military bases “may be vulnerable to cyber incidents that could degrade operations and negatively impact missions.”

With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against the popular anonymity network — and shown how to prevent them.

In 2013, Israel’s grid was cyberattacked, on average, a few hundred times per hour. Last year the average number of hourly attacks on Israel’s grid was 20,000. The number of detected cyberattacks on Israel reached two million a day during the war with Hamas last summer. The Israeli government decided there was a need to reorganize and improve the cyberdefense systems protecting Israel’s critical infrastructure.

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Recently the FBI offered a reward of $3 million for any useful information which will lead to the apprehension of Evgeniy Mikhailovich Bogachev. Bogachev is notorious for creating the Gameover Zeus botnet, which the FBI had successfully shut down in mid-2014, but the agency failed to capture Bogachev himself. In early 2015 Bogachev managed to restore Zeus. The hackers behind Zeus are believed to have stolen more than $100 million since 2011. Experts worry that the botnet may be used for more than stealing money, and may become a weapon of cyber warfare.

The long view

The evidence of cyberattacks by Russian government hackers against the Democratic Party and the Clinton campaign is not only incontrovertible – this is the conclusion of both the U.S. intelligence community and leading cyber experts – but such attacks are nothing new. “This is not a new activity. It is new only in the United States. They routinely undertake cyber operations against democracies in Eastern Europe and other neighbors in the region, mostly to affect turnout, to spread propaganda, and to make the election seem less legitimate,” says Christopher Porter of FireEye’s iSIGHT team. “Ultimately they want to break democracy itself” in the United States and “around the world, wherein it is seen like a less legitimate system. That’s their ultimate goal to send a message to the public that democracy cannot be trusted.”

Stanford cybersecurity expert Herb Lin says the 21 October cyberattack that snarled traffic on major Web sites reveals weaknesses in the Internet of Things that need to be addressed. But stricter security requirements could slow innovation, cost more and be difficult to enforce.

A key difference between cybersecurity threats and other security threats is the mismatch between public and private capabilities and levels of authority in responding to these threats. The lack of government resources to defend the private sector from digital threats places businesses on the front lines of the cyber conflict and can put national security, economic vitality, and privacy at risk. A new report calls for increased collaboration between the public and private sectors to use available tools more effectively to disrupt and deter cyber threats, noting the collaboration between the private sector and policymakers is long overdue.

The world is dangerously unprepared for a global disaster sparked by cyberattacks on space infrastructure. Much of the world’s infrastructure – including the economies and militaries of the world’s developed countries – is dependent on space machinery, and any disruption of that machinery would have cascading consequences – some merely debilitating, others catastrophic. Governments around the world have invested heavily in protecting infrastructure on Earth – yet not nearly enough has been done to thwart threats from space to that infrastructure.